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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )□ Responsive to communication(s) filed on 28 June 2004 . 
2a)[3 This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) KI Claim(s) 1-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) IEI Claim(s) 1-30 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 

3-D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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1) ^ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) p aP© r No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5 ) □ Notice of Informal Patent Application (PTO-152) 
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DETAILED ACTION 

Claims 1-30 were pending for examination. 

Response to Amendment 

Applicant's arguments filed on 6/28/2004 regarding the rejection of the claims 1-30 under 
35 U.S.C. 103() have been fully considered but they are not persuasive. 

Applicant's attempt to distinguish the claims from prior art is based on noting the lack of 
a teaching of a " a resource request that identifies an operation to be performed with respect to 
the resource 1 *. Page 8, first paragraph of the Remarks. This feature was found to be taught by 
Win as cited in the rejection of claim 1. Win teaches a related feature which is the step of 
identifying .... describing resources that the user is authorized to use"(Win. col. 2, lines 62-65). 
That is, the 

resources that a user request and is authorized to use constitutes " resource request that 

identifies an operation to be performed with respect to the resource". According to the MPEP 
904.01, the Examiner is obligated to give each term in the claims its broadest reasonable 
interpretation. See also In re Morris, 127 F.3d 1048, 44 USPQ2nd 1023 (Fed. Cir. 1997). The 

examiners broadest reasonable interpretation of resource request that identifies an 

operation to he preformed with respect to the resource" corresponds to accessing and using a 
resource by an authorized user of Win. Furthermore, while the claims are read and examined in 
light of specification, the Examiner declines to read the limitations from the specification into the 
claim. 
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Applicant further argues that Brown's reference unlike the present invention, does not 
teach " the resource request including credentials and identifying an operation to be preformed 
with the respect to a resource, page 9, second paragraph of the Remark. 

The Examiner responds that this limitation is taught by the primary reference of Win as 
stated in the rejection of claim 1, 12, 20 and 26. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 1 02 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1-9, 11-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over prior 
Win and further in view of Brown et al. 

As per claims 1-3, 5-9, 11-13, 1°5-21, 23-24, 26-27 and 29 ,Win is directed to a method , 
Apparatus, system and computer executable instructions for controlling access to protected 
information resources see abstract. 

receiving a resource request froth a first requestor, the resource request including 
credentials and identifying an operation to be performed with respect to a resource, recited in 
claims 1,12, 20 and 26 [ col. 6, lines 6-16, line 65, see also Figures 1-2 for the corresponding 
system and apparatus and APPENDIX I for Integration Guide] ; 

determining whether the first requestor is authorized to perform the operation with 
respect to the resource based on whether the credentials in the resource request match a resource 
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authorization parameter associated with the resource node, recited in claims 1,12,20 and 26 [ co 
1. 6, lines 17-64]. 
Win fails to teach 

mapping the resource request to a resource identifier; searching a resource data structure 
for a resource node based on the resource identifier , recited in claims 1, 12, 20 and 26; and 

wherein searching includes searching resource nodes each of which represents a resource 
and includes a resource identifier, recited in claim 2, 

wherein searching includes searching a directed graph structure, recited in claims 
3, 13, 21 and 27, 

wherein mapping includes mapping the resource request to the resource identifier and a 
resource authorization parameter including an editor level authorizing read/write access to the 
resource, an owner level authorizing complete access to the resource, reviewer level authorizing 
read only access to the resource and a none level denying all access to the resource recited in 
claims 5-8, 15-18 and 23, and 

delegating the credentials of a child node to a parent node in the resource data structure, 
recited in claims 9, 19, 24 and 29. 

Brown teaches mapping the resource request to a resource identifier; searching a 
resource data structure for a resource node based on the resource identifier [Brown, col. 15, lines 
38-40]; and 

wherein searching includes searching resource nodes each of which represents a resource 
and includes a resource identifier [Brown, col. 15, lines 41-65, col. 16, lines 28-45], 
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wherein searching includes searching a directed graph stricture, recited in claims 3, 13, 
21 and 27 [Brown, col. 13, lines 51-65], 

wherein mapping includes mapping the resource request to the resource identifier and a 
resource authorization parameter including an editor level authorizing read/write access to the 
resource, an owner level authorizing complete access to the resource, reviewer level authorizing 
read only access to the resource and a none level denying all access to the [ col. 17, lines 5-67], 
and 

delegating the credentials of a child node to a parent node in the resource data structure 
[Brown, col. 14, line 54 through col. 15, line 26]. 

It would have been obvious to one of ordinary skill in the art at the tune the invention was 
made to modify the registry server of the Win to that Brown's Directory service to map the 
resource request to a resource identifier to flexibly manage user-specific access rights to different 
content entities when the number of subscribers (such as owners, editors, reviewers and guests) 
may be in the millions and the number of content entities may be in the tens of thousands, where 
these large quantities of access rights consumes large amounts of memory and often takes 
unacceptably long period of time to search, see col. 1, line 38 through line 2, line 16 (Brown). 

As per claims 4, 14, 22 and 28, Win teaches receiving a resource request includes 
receiving a digital certificate conforming to a simplified public key infrastructure [col. 6, lines 
616]. 

As per claims 25 and 30, Win teaches the delegation of credentials associated with the 
first requestor to a second requestor wherein the second requestor can request resources using the 
credentials from the first requestor as if it were the first requestor [Win teaches defining 
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Administrative Roles to delegate Administration function, where centralized administration of a 
system is undesirable. That is, Administration Application of Win can delegate administration of 
users, roles, servers or the system to other administrations. This is done trough a special type of 
role, called Admin role. When the Admin Role is assigned to a user, that user has the right to 
perform administrative functions, see col. 16, lines 35-67]. 

Claim 10 is rejected under 35 U.S.C. 103(a) as being unpatentable over Win et al and 
Brown as applied to claim 9 and further in view of Carter et, US Pat. No. 6,601,171, issued Jul. 
2003. 

Win as modified teach all limitations of claim 9 except in which the resource request is 
handled based on the delegated credentials. 

Carter discloses that the key-oriented certificate (such as SDS1) used to delegate rights 
among entities of distributed computing systems are well known in the art, see col. 1, lines 3463. 

It would have been obvious to one ordinary skill in the art at the time the invention was 
made to incorporate such delegation services into Browns computer network and Win's 
distributed access management to meet the urgent need in achieving seamless distribution of 
critical resources, and to make the power of computing resources available for more widespread 
use, see Col. 1, lines 23-34, see also col. 1 3, lines 14-42. 

Action is Final 

THIS ACTION IS FINAL. Applicant is reminded of the extension of time policy as set forth in 
37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
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MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 
1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, 
will the statutory period for reply expire later than SIX MONTHS from the mailing date of this 
final action. 

Conclusion 

Prior arts made of record, not relied upon: 

US paten 5, 802,590 is directed to a method and system for allowing processes to access 
resources. A kernel of an operating system maintains a system-wide resource table. This resource 
table contains resource entries. When a resource is allocated, the kernel generates a key for the 
resource.. The kernel also hashes the key to generate an index into the resource table that is used 
as a handle. The kernel stores the key in -I resource entry that is indexed by the handle. The 
handle/key pair is sent to a process. The process accesses the resources by passing handle/key 
pairs to the kernel. The kernel compares the passed key with a key that is stored in the resource 
entry referenced by the passed handle. When the stored key and the passed key match, the 
process is allowed to access the resource. When the stored key and the passed key do not match, 
the kernel rehashes the passed key to generate a new handle. The kernel then searches starting at 
the index of the new handle for a resource entry with a key that matches the passed key. When a 
key matches the passed key, the process is allowed to access the resource, and the index for the 
resource entry is returned to the process so that the process can use the index as a handle to 
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access the resource on subsequent resource access requests. When the passed key does not match 



a key, the process is denied access to the resource. 

US patent 6, 353,886 discloses a method and system for implementing network policy. 
The method involves storing policy data using certificates using a certificate database server. 
Upon retrieval, a policy is then validated as properly certified prior to use. When a policy is not 
validated, it indicates tampering or improper policy data entry. When policy data is successfully 
validated, the policy is implemented. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Taghi T. Arani whose telephone number is (571) 272-3787. The 
examiner can normally be reached on 8:00-5:30 Mon-Fri. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9497 (toll-free). 
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